Posted
by
timothy
on Saturday April 21, 2012 @08:24AM
from the well-it-isn't-obscurity dept.

chicksdaddy writes "Threatpost is reporting on a new study of mobile malware that finds accountability, not superior technology, has kept Apple's iOS ecosystem free of viruses, even as the competing Android platform strains under the weight of repeated malicious code outbreaks. Dan Guido of the firm Trail of Bits and Michael Arpaia of iSEC Partners told attendees at the SOURCE Boston Conference on Thursday about an empirical analysis of existing malicious programs for the Android and iOS platforms which shows that Google is losing the mobile security contest badly — every piece of malicious code the two identified was for the company's Android OS, while Apple's iOS remained free of malware, despite owning 30% of the mobile smartphone market in the U.S. Apple's special sauce? Policies that demand accountability from iOS developers, and stricter controls on what applications can do once they are installed on Apple devices."

Since when is the iOS more secure? The latest Android has a very stable code and a solid permission system that allows the user to set exactly what an app can or can't do. This in contrast to an OS that can be rooted by a fucking website.

Malware is a general term used to describe any kind of software or code specifically designed to exploit a computer, or the data it contains, without consent.

Android requires that you give consent, since it tells you what permissions the application needs prior to installing it. So by very definition, these data leakages on Android are not malware. The user said it was ok for that application to

There's a number of things you're missing. Most importantly: practically everyone would consider trojan horses to be malware, or at least an important security issue. Just because the user checked a box somewhere doesn't mean that trojans don't count.Beyond that, trojan horses are due to their very nature less useful in an environment where accountability is higher. This is definitely the case with Apple/iOS, and has lead to a large number of false positives and censorship by Apple, both of which have been discussed at length here on slashdot.Thirdly, unlike Android, I haven't seen any major and widely-reported breaches of apple devices, despite widely-available jailbreaking tools. This surprises me quite a bit. According to the iPhone users I've asked about this they claim that the cause is that most jailbreaks these days work through a physical connection (ie. with a computer).

Android may be more secure in capable hands, but the average user is safer in an environment where available software is code-signed and strictly supervised, either by a single entity such as Apple's iOS market or by the community such as the debian repositories.

The Path app is not malware. It's still on sale on the App Store, and has 5 times as many five star ratings as any other rating, and litterally zero one star ratings. (the possible ratings run from one to five stars).

Email addresses were uploaded simply to facilitate a find-my-friends feature of social networking.

It was a naive implementation, because the same functionality could be achieved simply by uploading hashes of the email addresses. And it was wrong that in earlier versions it didn't explicitly ask the users permission to upload those email addresses.

But there's no evidence of malign behaviour. Only behaviour intended to implement the advertised features.Therefore it's not malign software; it's not malware.

You're showing your ignorance again. Apple did care about it, and that's what got the rule about asking for user permission before uploading contact details came from. A rule which Path now adheres to, which is why it's still in the App Store.

Sure, but if the user is asked for every app whether to share data, the act of sharing data then becomes a standard part of the install. Very technically aware users will make use of this, but for most users it's effectively worthless: it's just another mind-numbingly annoying button you click for the app to run, like EULAs almost no one reads. (Just to be clear, I'm not really arguing about Android vs. iOS, I'm just pointing out the generally low value of relying on users giving consent for an install.)

Android requires that you give consent, since it tells you what permissions the application needs prior to installing it. So by very definition, these data leakages on Android are not malware. The user said it was ok for that application to collect that data.

Does that mean that there can never be malware on an operating system like Windows which (AFAIK) doesn't have a mechanism for the user to "say that it's ok for an application to collect that data"?

Android requires that you give consent, since it tells you what permissions the application needs prior to installing it. So by very definition, these data leakages on Android are not malware. The user said it was ok for that application to collect that data.

If all users factor out the apps that require these kinds of permissions, how does the set of Android apps compare to the set of iPhone apps?

Android requires that you give consent, since it tells you what permissions the application needs prior to installing it.

It's the wrong time to ask, and the information to make the decision isn't complete enough. For example, these days huge numbers of apps have social components, so permission to access the contacts list is not a warning sign. And at install time the user may only have a hazy idea of the features of the app anyway.

If you're going to have a permission based system, the request for permission should come at the point in time when the restricted resource is about to be used, and should come with an explanation

Could you post the link, please? Seriously. I have an iPhone 3GS which I want to jailbreak to use with another phone carrier, but it has been updated to ios 5.1 and nothing I find (whited00r, redsn0w, tinyumbrella etc) seems to work. The most I've been able to is make the phone boot with a non-working 3G/Wifi radio, which defeats the device being a mobile. Fucking Apple support doesn't want to make it free, and my old operator says it has been freed (my ass).

Since when is the iOS more secure? The latest Android has a very stable code and a solid permission system that allows the user to set exactly what an app can or can't do.

The reason there are fewer iOS malware infections has to do with something totally
separate from security of the device.

There is a 'more efficient' distribution channel for Android platform malware.

Developing for the Apple platform requires a security certificate from Apple to sign applications,
paying money to apple, signing a contract, and approval from Apple and review to be listed on the pap store, which
makes the app store a less efficient means of distributing malware than the Android marketplace.

An operating system can be extremely insecure, but if there is no useful distribution channel,
or no network connection, it is not likely to be infected.

I don't think that is the reason that we hear more about Android malware, although it may be a factor. The barrier to entry of becoming an iOS developer is: buy a Mac (Intel Mac Mini will do), pay $99, sign up on web site. The barrier to entry of becoming an Android developer is: buy a PC (any will do), pay $25, sign up on web site. You could argue that the cost of a Mac Mini is prohibitive, or that hackers are less likely to own a Mac and begin hacking around on iOS in the first place, but for serious malware authors these are not significant barriers.

The real reasons that we hear more about Android malware:

1. Android users can enable installs of apps from non-official markets and random web sites. Many of the reported malware apps come from these kind of sites. But users have to explicitly do this, no phone ships with random web sites enabled as app stores. These same users, having enabled random app sources, then presumably don't bother to check the permissions that the app they install requests.
2. Android allows apps to send premium rate SMS messages and calls without an explicit popup. I personally think Google should probably kill this ability, but then I never call premium rate numbers. Blocking premium rate texts would kill the profit incentive for most malware. If this were an explicit, in your face, permission or setting (like the big warning for data roaming in settings!), then we wouldn't have seen any premium SMS fraud malware.
3. Apple marketing is happy for the media to push the "no iOS malware" angle in the same way that they did successfully with "no OS X viruses". It isn't strictly true, but people believe it anyway, and there is a huge class of users who are willing to pay more for the belief that there will be fewer problems in future. Malware that affects a few thousand people really isn't important in the big scheme of things, but it is something that marketing can use to try and differentiate iPhones in the eye of the consumer from very similar and equally capable Android phones.
4. Apple fans are pushing the "Android is full of malware" meme extensively, even though very few Android users have actually been affected. Is malware an issue that should be dealt with? Yes, but these same Apple fans who argue that Android is "straining under the weight of malware" after a few thousand users have been infected, are also the ones who claim that half a million infected Apple desktops is no big deal.

History has shown that a monoculture is actually more vulnerable to attack. There were some very skilled virus writers back in the 80s who innovated with polymorphic, anti-virus proof code, hidden boot sector infections etc. For whatever reasons, these kinds of hackers moved on to other projects, and what we see now in the virus/malware sector is mainly an industry driven by financial profit motive. iOS has had root exploits, and getting an app on the iPhone app store isn't that hard. Maybe they scan code and do some static analysis to try and spot dodgy functions, but at least one person has gotten malware into the iPhone app store, so it is certainly possible. I really do think that the only reason this hasn't been done is due to the explicit permission that the iPhone requires to send a premium rate SMS. If people ever start doing widespread banking on the Android/iPhone, or Android/iPhone malware ever becomes a populist hobby again (like viruses of the 80s), then I'm sure there will be more. An X-Prize, designed to stimulate malware production on either platform, would almost certainly produce results.

On the contrary, the user has NO control over app permissions, by default. The app author sets what he/she wants, and the user has the choice of accepting it or finding an alternative. No justification, no ability to say "well I want this useful SSH app but I don't want it reading my contacts, so I'll deny that permission". Yes, there are firewall apps (the permissions are in the OS, why do I need an APP to enforce OS permissions?) and for rooted devices, apps that can tweak permissions. But the default is horribly, terribly broken because most of the power is in the hands of the developers, NOT the users.

You would have a point in the case of a killer app, or an only app. In the case of the SSH app, simply pick one of 20 other SSH apps in the market place. Typically for most things you want to do on your mobile there is ample choice available.

The only time this breaks down is when you're forced to use an app for a specific purpose due to popularity. If for instance Draw Something suddenly needed a stupidly unrealistic set of permissions then you'd have something there, but the app would likely drop in rating

.NET gets this right, as it happens - the administrator can grant or deny permissions on a fine-grained level, on a per-app or per publisher basis. The downside to that, though, is that if your app isn't well written, the permissions exception will kill it, which is a big no-no on a phone.

You can do automatic static analysis to determine which APIs the app calls, which provides a list of permissions it might request, but doing analysis to check that it copes with permission denied exceptions is much harder, so you can understand their choice.

What really sticks in my craw is that despite doing this static analysis, and providing this information on the Android market, you can't filter the listings based on the permissions that an app requests.

Anecdote : my wife wanted a bible reader app. I couldn't find a single one, paid or free, that didn't want what I considered an unnecessary level of permissions for something that is essentially an offline eBook reader. What the hell does a bible app need SMS, or contact list access for? In the end, she just installed the one she liked the look of the most, even though I couldn't say I approved of any of them. And I'm sure most people won't even consider it, and click through.

I like Android, but what has kept me away from it is that I have not found an Android phone that consistently gets new updates after they are released for a long period of time. Sure, Apple makes mistakes like this but the important thing is that they shipped an update and basically all affected phones got it even if they were a couple of years old.

Let's say that the same thing happened to Android. How large percentage of Android phones would even get the update at all?

Get a Nexus phone? They tend to get extensive updates, and once your warranty's up/official support dries up, you're guaranteed to be able to flash to Cyanogenmod or any other distribution you can think of thanks to unlocked bootloaders and the inherent popularity of the device.

First off, I want to say that I own a Nexus One and really like my Android phone. I have no intention of going iPhone. I get to hands-on with iPhones all the time and I still like Android better. I both iPhone and Android to everyone, they are both awesome compared to old stupid phones and Blackdeathberry.

That being said, the truth is that Apple does a much better job at releasing updates and supporting older phones than ANY Android phone manufacture out there.

And besides Play Store does have accountability: every developer has to register, and pay a small one-off registration fee as form of identification.

But as the article points out, Apple requires verification of a developer's identity, and Google does not, so a malware author who gets banned from Play can just sign up under a new identity.

Plus:

Beyond that, Guido said that Apple's iOS ecosystem has put controls in place that squeeze malware authors in other ways. An automated and manual application vetting system includes static analysis of compiled binaries that make it very difficult for developers to merely repackage malicious or legitimate applications for sale on the AppStore. That prevents infections of Trojaned applications like the DroidDream malware, which frequently popped up on Google's Android Market.

the exploit you're talking about existed for 1 or 2 minor version numbers, and can no longer be exploited (including by the device owner) due to the OS version(s) no longer being installable without jumping through some hoops (apple's server no longer signs off on the installation). It was a bug in the PDF renderer for safari, for anyone wondering.

Rooting iOS devices remains a hunt for exploits in every version release, and no one's ever sure if and when the next version's exploit will be released. Many 4S/iPad users on iOSv5.1 are have been stuck using a jailed, but perfectly secure device for months now, with no guarantee that the jailbreak will come anytime soon.

Each version makes iOS more and more secure, and there's no guarantee Apple won't eventually release a perfectly secure, jailed OS, and I hope at that point this OS dies off, but that may be asking too much.

Headline says "safer", not "more secure". Safer != more secure. A Windows 95 machine that is not connected to the internet is safer than a Linux web server, but it's certainly not more secure.

BTW, most Android devices have Flash. If Flash isn't current (and even if it it), it's likely your device can be rooted by a website. I haven't heard about targeted attacks on Flash for Android, but Flash for Android has most of the same vulnerabilities as Flash on the desktop.

Since when is the iOS more secure? The latest Android has a very stable code and a solid permission system that allows the user to set exactly what an app can or can't do. This in contrast to an OS that can be rooted by a fucking website.

None of that matters as long as that version of android doesn't exist on any Android phone sold.

The latest Android has a very stable code and a solid permission system that allows the user to set exactly what an app can or can't do.

Therein lies your problem....the user. Oh and it doesn't hurt that a large portion of the marketplace is crawling with malware. Google does not do a good enough job of policing the apps and end users can't be relied on to secure their machine.

I'm not sure why this was modded insightful, let alone +5 since if you read TFA you'd know that they weren't saying that iOS is more secure, only that there are virtually no delivery mechanism for malware because of Apple's app store policies of requiring real world identification of an app author to publish apps in the app store. That and iOS apps are more restricted in what they can do over Android apps.

That's the problem when articles like this hit Slashdot. Rabid fanboys (Apple and Google) start posted without even reading the article. The same thing with modders.

Wow! What a fair and unbiased comparison! A year old iOS version that anyone with an at least 3 year old iPhone could and should have upgraded from, versus the latest Android version that most people can't upgrade to! Rated Insightful, of course, because there's a lot of circle jerk insight in that nonsense of a post!

This is not even to mention that the article has nothing to do with the security of the platform itself but rather its exposure to malware, but hell, let us make it about security and debate the merits of each platform, shall we?

I find it interesting how ignorant some Android fanboys are regarding iOS' sandbox, which is extremely restrictive and does not, by design, allow apps to do anything too fishy even if all permissions are granted. At most an app may be able to pull up your contacts without your permission or access call information, but not much beyond that without the user being notified unless they pierce through the sandbox. An app can't keep itself running in the background for longer than 10 minutes (unless specific profiles that permit so are chosen and approved by Apple for each app), run any kind of code not present during the approval process (meaning it's not OK to download code unless it's an in-app purchase, which may be free, and this includes interpreting code other than HTML and Javascript on Safari, which is why emulators are not permitted), launch or interact directly with other applications unless they register themselves as resource handlers (even running a secondary executable within your own application will result in iOS completely obliterating it without even bothering to inform any attached debuggers of what happened).

In essence, the article hits the spot by claiming that it is the screening process and its walled gardens that keep the nastiness away. It's simply not worth developing malware for iOS, you don't have much to gain by doing it, either you pierce through the sandbox and your app will be rejected (with potential consequences to your developer and / or publisher certificates) or you can be easily detected by any user. There are exceptions, of course, but compared to Android, they are very few in number.

Not to mention Apple has a huge cert process for their iOS store, versus basically anyone being able to code and upload to the Android markets. They do some minor "known problem" screening, but largely it is up to the user to determine what they allow the software to do on their device.

That said, it is the fact that people who are too lacking in knowledge(stupid seems a bit harsh) who use Android are at a greater risk than if they use an iOS device, because Android actually allows you to control your device

..and how would they detect it on the ios? they just said that there is _zero_ malware, yet there's plenty of ios games/apps which leak all your contact info?(as is there for android).

(and the accountability part is that it takes a little more checks to get yourself identified as a publisher for itunes appstore.. however.. it doesn't take that much, there is and has been plenty of unauthorized distribution of asian comics etc there)

I haven't identified any iOS malware either, but that could be because I haven't looked for any(just not my field).

Uploading your contact data for the purposes of expected social connections within the app is not malware. It's not the way it should be done, and poses a security risk if the server is compromised. But there is no mal-intent there. Nevertheless such practice is now explicitly banned without asking the users permission via a dialog at the time.

Uploading your contact details to a server for the purposes of mailing lists, tracking outside of the intended application domain would be malware.

Good point. The security researchers who identified some of the Android malware visited third party Android app stores and downloaded all of the apps so that they could build up a huge app corpus, which they could then scan (static analysis) for malware suggestive signatures. They stated that they couldn't do the same with the iPhone because Apple prohibits mass downloading of iPhone apps in order to build an iPhone app corpus. So the only people who can look for malware across the whole range of iPhone apps is Apple, and it seems unlikely that they would announce if they found any malware, when they can instead just silently remove it from the app store.

And that is why the Android model is flawed. Not fatally mind you, but flawed nonetheless.

You can't expect people to have to audit every bit of software that they install on their smartphone. In fact, it ought to be reasonable for users to expect software they download off the official repositories (App Store, Market) to be malware free.

And yes freedom comes with risks. But freedom also allows users to choose a phone that doesn't require them to expend more effort than necessary to be able to do what they require. Don't forget, a smartphone is a luxury, not a necessity.

No. He was forced to upgrade his software and devices because of the restrictive nature of Apple products. Being told that you can either upgrade or lose access to your personal property is not a "choice", it's coercion.

If you ever feel like it, buy yourself an Android device (one with Google), and actually try buying some software - or even downloading stuff from a third party website and installing it directly.

You'll notice that "auditing every bit of software (you) install" is ridiculously easy. The installer tells you what rights the app needs when you install it. It's pretty easy to determine that a game does not need to capture your keystrokes, and if a cool tool to change the wall paper needs "access to your Google account" then there's obviously something odd going on.

If an app doesn't ask for a particular right, Android's security model prevents it from doing whatever it was that required the right in the first place.

By comparison, as I understand it, I only have Apple's (and a developer's) word that a particular tool for iOS doesn't contain malware. I'm not going to be told what parts of the system it needs to access, I just get a straight "Do you want the advertised features or not?" choice.

The flaw here is on Apple's side. Both systems require you audit the apps you install. Only Android actually lets you do that.

It's pretty easy to determine that a game does not need to capture your keystrokes, and if a cool tool to change the wall paper needs "access to your Google account" then there's obviously something odd going on.

Certainly, but even when setting aside that people ignore this all too easily because they simply want the shiny, your examples are obvious.

What if a chat app wants access to the internet, your contacts, and your phone?Well the internet makes sense - can't very well expect an app that is intended for chatting to not have that connectivity.

Contacts also makes sense because in combination with the phone, it allows the app to send a text message if you have no internet connectivity or simply choose to use SMS instead of its internet-based chat functionality.

So you install the app, and the app sends all your text for datamining to China, all of your contacts to some company in Bulgaria, and sends a bunch of texts to expensive SMS service numbers.Oh, and it also lets you chat with people, so as far as you know, it's doing exactly as advertised.

This is no different on any other platform, of course. It may have been different in the early days of the iPhone, but I rather doubt that they still check each and every app before making them available and instead rely on exactly what the article says.. accountability.. you only get away with malware once unless you also manage to fool Apple into allowing you a new account. But to the end-user(s), the damage is already done anyway.

This may change over the next few years, if efforts to turn smart phones into payment devices gain enough traction. You might find yourself in a store that is not equipped to handle transactions by any means other than smart phones (or paper money, but for something items paper money is a bit impractical -- do you really want to hand someone a wad of $20 bills when you buy a new matress?).

Would the ability to run unapproved software make the infection rates in both of these subgroups near equal? I wonder how many out of all android device are rooted, and how many out of all ios devices are jailbroken. If a higher ratio of droid phones are rooted, with all else equal, then that could also push up the infection rates.

Last time I checked, there were plenty of reports of malicious iOS apps clandestinely hoovering up your private data/contacts, and sending that bundle to the app's developers, who will use it for Lord-knows-what-nefarious-purpose. With this being the case, how can anyone possibly claim that iOS is "secure & malware free". The malware doesn't have to be a Trojan or Virus. It can also be a nasty little app that secretly sends your private data to a server somewhere that you don't even suspect exists. ----- I don't understand why Apple fans need to maintain a strange belief into the "infallibility" of Apple's ecosystem. Apple is plenty fallible in my humble opinion. And this is just another snide attempt to advertise the "Extra-Special-Specialness" of using Apple products.

Call it whatever you want, but we just got the first major malware outbreak in OS X recently after so many years. On the iPhone that is unheard of. Much as in the Windows world and the much hated Vista security system that kept asking you, do you want to do this, or allow that?, that security model is fail since regular users will start saying yes to everything and then end up with a problem. Call Apple what it is, an overpriced hardware/software company that likes to keep the lid closed, but as far as thei

And another big difference: Windows/OS-X malware are usually worms that spread themselves over the network (including drive-by downloads). I haven't heard of any such malware with Android or iOS, instead it was always linked to a certain app that contained some "extra functionality".

I've told people for several years that Apple, Windows, and Linux are for totally different philosophies. Apple seems to be more for the creative content producers, that don't really want to know how the computer works, or play with it, they just want to focus on whatever it is that they want to do. They may pay a premium, and have a severely limited selection, but they are getting what they want. Windows seems to appeal to the largest percentage of the consumer market and industry. It's got everything under the sun available for it, and is fairly well locked down, but with some work you can dig into it and do some limited customizing.

You didn't think I was going to leave out Linux/Android, did you? My personal favorites, but I don't recommend them for everyone. They seem to appeal to the tinkerers and hackers, not afraid to get their fingers burned or let the magic smoke out. Linux does run most of the Internet though, and most smartphones, and a lot of tablets now, and Google and Yahoo! and Ebay, and 9 out of 10 financial institutions, and is embedded in most home routers and god-knows-what-all. Just not most desktops.

Funny. Everybody I know of who runs Windows can be slotted in one of two categories:-Runs the computer with a modicum of common sense. Doesn't click "free cat wallpaper" links on ihaxyou.com. Lets Windows run its updates.-Does everything in his/her power to wreck the computer.

The few that are in the second category deserve to be hacked, really. It's like complaining that your car sucks because you didn't do your oil change for five years and used summer tires in winter.

Thursday about an empirical analysis of existing malicious programs for the Android and iOS platforms shows that Google is losing the mobile security contest badly — every piece of malicious code the two identified was for the company's Android OS, while Apple's iOS remained free of malware,.

Wait, what?

An empirical analysis of existing malicious iOS and Android programs (which the article claims do not exist for iOS) shows that no malicious apps exist for iOS.

Of course a walled garden is safer than the wild west. I bought into Apple's ecosystem for my phone, because reliability and stability are very important qualities to me for that type of device. And I haven't been disappointed with my choice.
Where this approach suffers is with my newly acquired iPad. The iPad is quickly becoming my laptop replacement; I do way more with it than is practical with my phone. I've started to bump my head on the roof of Apple's iOS. The limitations can be irritating. I'd be w

Yeh right because Apple want to lower their profits. You still won't be able to upgrade the storage either (unless you pay a lot of money for the crippled Apple solution or even more money for an 8GB flash add-on).

Expandable storage isn't going to hurt apple's bottom line one bit. I mean, apple already sells an sd card and USB host socket for the iPad. Not only that but Dropbox and other cloud storage APIs can be used across the system. That's not the problem. The problem is data presentation.

> "under the wait of repeated malicious"> "under the weight of repeated malicious ">> "It takes a determined idiot to make a spelling mistake when copying and pasting from a website."

No, All it takes is someone using a Speech Recognition (SR) system."wait" and "weight" are pronounced exactly the same way and so identifying the actual word intended by the speaker is harder for the software. The software converts speech to text so quickly these days that most people cant keep up with it and hence

There already is a secure and fairly libertarian phone out there, blackberry. You can only load signed RIM OS's however you can loa any signed RIM image compatable with your phone, there are betas in the wild to play with, and you can install apps from the browser or the PC software that comes with it. You also have a detailed list of what you will and will not allow. You can allow wifi and bluetooth but block mobile, you can allow SD card but block email and contacts

Wow... the last time I saw such rampant fanboyism is when I badmouthed the original iPad here on Slashdot on the day of release. Of course, every one of my comments was completely on the mark... and this from someone who still has an original iPad that gets used when I take business trips and almost no other time in my life. But I digress.

Seriously? I had to do a doubletake when I read the summary, and had to take a few more when I read the article. I have run an Android phone for over a year now and I am seriously happy with it. It's not failing under the "crushing weight of viruses" any more than my aging but still useful iPhone 3GS is (I use it as an iPod because I bought into the iTunes ecosystem years ago and it happens to integrate beautifully with my car). I install apps on both depending on my utilization and needs, and neither has been unduly burdened with malware. Of course, my Android phone actually tells me what an application wants to do while I install it, thus providing the knowledgeable user some modicum of security. And yes, every app I install I read those and make a decision whether the app is asking for appropriate rights or not. And yes, I've refused some apps because of it. Of course, I AM a knowledgeable user and that kind of security doesn't help Joe Schmoe with his free smartphone with a 2 year contract and no lube... but one of the central tenets of security is that people are the weakest link in any security chain and that will never change.

So far I've found my only complaint with Android is that it fails under the crushing weight of battery technology that can't cash the check the manufacturers of the device wrote. But at least with Android I can have a second battery hanging around that I can swap in at any time... can't do that with an iPhone unless you're a really determined hardware hacker. Yes, I can improve it slightly by turning off all my antennae but then I am running a dumb phone with games on it... I have a smartphone so it can be connected anywhere at any time. Of course, many of the apps I install probably don't help... but that's a choice I make. Because the charging port is completely standard I just took my charger and left it at work; I use my Kindle's charger at home to keep my phone charged at night because really... how often do I need my Kindle?

As a past and current iOS user (sometimes), AND an Android user I find the article FUD. Actually, can I mod it trollbait?

while Apple's iOS remained free of malware, despite owning 30% of the mobile smartphone market in the U.S.

Really? That number in that question? Do you think malware takes the US market share into consideration? Don't you think the global market share would be the only relevant number if citing share percentage numbers related to global malware proliferation? Or malware is only written and distribute themselves in the US? If so tell us, so we can disconnect the rest of the world, just to be on the safe si

Here's a much better method for optimising security on your smartphone or tablet:

DON'T INSTALL WORTHLESS SHIT

Apple's App Store and Google's Marketplace make Sturgeon's Law seem like hopelessly naive pollyanna-ish optimism. They each may have a few hundred thousand apps, but less than one in ten thousand or so are worth even looking at, let alone installing.

Don't you remember being a lil kid? Anything you want to do is safe as long as you have someone to blame.Accountablility=safety.Oh a security breach! It's Norms fault, Fire him!Problem solved, you're all safe now that Norm isn't coding for us anymore.For Security, just think different.

Being accountable does help keeping people honest. Knowing you will get away with taking a fistful of dollars from the cash register versus knowing that the management will realise that there is money missing from your cash register makes a big difference.

Security is all about layers. Accountability is just one of them, and it is an important one.

Actually, human beings are social animals, and accountability can actually worsen security if it weakens a perception of a bond of trust, which might very well be more effective. Accountability can be circumvented, expectations of honesty cannot. In terms of the cash register, keeping the balance is probably a good idea, but there are other situations and I just wanted to nuance this very American notion that interpersonal trust is equal to weakness.

I'm sure there will be plenty of hair splitting by the apple afficionado's but just about every app I load, whether ios or android, all wants access to data they dont need and many transfer stuff like my name, phone number and who knows what else. I've had quite a few that broke my device or gave it some real problems, again on both platforms. I call that malware. It steals my stuff (although I agree to the theft because if I didnt, I'd have no apps) and often eats my battery life or gives me operational

That is a distinction that the study apparently did not make, because it talks about "malicious code" rather than viruses. In fact, most of the malicious apps that one hears about are spyware or trojans rather than viruses.

My thought exactly... it is not necessarily because a platform is currently less plagued that it is more secure and I won't be splitting hairs w/ you... part of the reason is I am not really sure how I would go about splitting hairs anyway:p

Some Mac users are stuck up and bought into the cult. I am a Mac user, but I'm also an Android smartphone user. I have had iOS devices and my iPhone 3GS still does sterling duty as a portable music box mostly used in my car.

I like the Mac because it's UNIX. I like the Mac because my 13" Macbook Pro is one of the nicest designed and manufactured laptops I've used in the last few years. I like the Mac because most of the time the OS gets the hell out of my way and lets me get my work done. For two years I tri

And I doubt that the security advantage will keep after all. Give it a bit more time and iOS will be just as virus plagued as Android is.

Why would more time matter? For OS X, sure it is slowly gaining market share and becoming a more and more attractive target. For iOS though, it has dominated as the biggest single target for a long time.

I highy doubt iOS is fundamentally more secure than Android...

The article makes no such claim. Rather, it claims the difference is the ecosystem in which each is released. The claim is not that iOS is more secure, but that the distribution model locked to the Apple store and the accountability of people submitting to the iTunes App store is the determining factor. It'